From 5bf23a0e582bd6be3010c76ab0ba96bab72a8bbf Mon Sep 17 00:00:00 2001
From: Robert Swiecki
Date: Mon, 25 Jun 2018 04:10:42 +0200
Subject: [PATCH] cmdline: more stderr_to_null closer to is_silent
---
 cmdline.cc | 10 +++++-----
 nsjail.h | 2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/cmdline.cc b/cmdline.cc
index 6736f40..bcd7ac8 100644
--- a/cmdline.cc
+++ b/cmdline.cc
@@ -97,9 +97,9 @@ struct custom_option custom_opts[] = {
 { { "keep_caps", no_argument, NULL, 0x0501 }, "Don't drop any capabilities" },
 { { "cap", required_argument, NULL, 0x0509 }, "Retain this capability, e.g. CAP_PTRACE (can be specified multiple times)" },
 { { "silent", no_argument, NULL, 0x0502 }, "Redirect child process' fd:0/1/2 to /dev/null" },
+ { { "stderr_to_null", no_argument, NULL, 0x0503 }, "Redirect child process' fd:2 (STDERR_FILENO) to /dev/null" },
 { { "skip_setsid", no_argument, NULL, 0x0504 }, "Don't call setsid(), allows for terminal signal handling in the sandboxed process. Dangerous" },
 { { "pass_fd", required_argument, NULL, 0x0505 }, "Don't close this FD before executing the child process (can be specified multiple times), by default: 0/1/2 are kept open" },
- { { "stderr_to_null", no_argument, NULL, 0x0506 }, "Redirect FD=2 (STDERR_FILENO) to /dev/null" },
 { { "disable_no_new_privs", no_argument, NULL, 0x0507 }, "Don't set the prctl(NO_NEW_PRIVS, 1) (DANGEROUS)" },
 { { "rlimit_as", required_argument, NULL, 0x0201 }, "RLIMIT_AS in MB, 'max' or 'hard' for the current hard limit, 'def' or 'soft' for the current soft limit, 'inf' for RLIM64_INFINITY (default: 512)" },
 { { "rlimit_core", required_argument, NULL, 0x0202 }, "RLIMIT_CORE in MB, 'max' or 'hard' for the current hard limit, 'def' or 'soft' for the current soft limit, 'inf' for RLIM64_INFINITY (default: 0)" },
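Review bot: The value `0x0503` given to `stderr_to_null` in `custom_opts[]` is tied to the `case 0x0503:` label in `parseArgs` only by hand, and nothing in the table would catch a second entry that already carries the same value. The entries visible in this hunk (0x0501, 0x0502, 0x0504, 0x0505, 0x0507, 0x0509) do not collide, but the array continues outside the hunk, so the whole table is worth checking. Because this flag decides whether the child's stderr is discarded, a collision would presumably flip a different setting without any diagnostic. A shared named constant used in both the table and the switch, e.g. `constexpr int kOptStderrToNull = 0x0503;`, would remove the duplicated magic number.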
@@ -396,8 +396,8 @@ std::unique_ptr parseArgs(int argc, char* argv[]) {
 nsjconf->mode = MODE_STANDALONE_ONCE;
 nsjconf->is_root_rw = false;
 nsjconf->is_silent = false;
- nsjconf->skip_setsid = false;
 nsjconf->stderr_to_null = false;
+ nsjconf->skip_setsid = false;
 nsjconf->max_conns_per_ip = 0;
 nsjconf->proc_path = "/proc";
 nsjconf->is_proc_rw = false;
@@ -566,15 +566,15 @@ std::unique_ptr parseArgs(int argc, char* argv[]) {
 case 0x0502:
 nsjconf->is_silent = true;
 break;
+ case 0x0503:
+ nsjconf->stderr_to_null = true;
+ break;
 case 0x0504:
 nsjconf->skip_setsid = true;
 break;
 case 0x0505:
 nsjconf->openfds.push_back((int)strtol(optarg, NULL, 0));
 break;
- case 0x0506:
- nsjconf->stderr_to_null = true;
- break;
 case 0x0507:
 nsjconf->disable_no_new_privs = true;
 break;
diff --git a/nsjail.h b/nsjail.h
index 3838230..ee95fcc 100644
--- a/nsjail.h
+++ b/nsjail.h
@@ -115,8 +115,8 @@ struct nsjconf_t {
 enum ns_mode_t mode;
 bool is_root_rw;
 bool is_silent;
- bool skip_setsid;
 bool stderr_to_null;
+ bool skip_setsid;
 unsigned int max_conns_per_ip;
 std::string proc_path;
 bool is_proc_rw;
--
2.7.4
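Review bot: In the `parseArgs` switch of cmdline.cc (the `-566,15` hunk), the unchanged `case 0x0505:` line `nsjconf->openfds.push_back((int)strtol(optarg, NULL, 0));` stores the `--pass_fd` argument without checking the conversion. Non-numeric text becomes fd 0, and a value outside the `int` range is narrowed by the cast. This list decides which descriptors stay open in the sandboxed child, so a mistyped value should be rejected rather than recorded. One way is `long fd = strtol(optarg, &end, 0);` followed by `if (end == optarg || *end != '\0' || fd < 0 || fd > INT_MAX) return nullptr;` before the `push_back`. The line predates this commit, and the switch body extends beyond the hunk.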